EmergingThreats

EmergingThreats

analyzers/EmergingThreats/EmergingThreats_DomainInfo.json

@@ -16,5 +16,24 @@
       "multi": false,
       "required": true
     }
+  ],
+  "config": {
+    "check_tlp": true,
+    "max_tlp": 2,
+    "auto_extract": false
+  },
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": false,
+  "service_homepage": "https://threatintel.proofpoint.com/",
+  "service_logo": {
+    "path": "assets/proofpoint.png",
+    "caption": "logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/long_report_domain.png",
+      "caption": "EmergingThreats: domain long report"
+    }
   ]
-}
+}

analyzers/EmergingThreats/EmergingThreats_IPInfo.json

@@ -16,5 +16,24 @@
       "multi": false,
       "required": true
     }
+  ],
+  "config": {
+    "check_tlp": true,
+    "max_tlp": 2,
+    "auto_extract": false
+  },
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": false,
+  "service_homepage": "https://threatintel.proofpoint.com/",
+  "service_logo": {
+    "path": "assets/proofpoint.png",
+    "caption": "logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/long_report_ip.png",
+      "caption": "EmergingThreats: IP long report"
+    }
   ]
-}
+}

analyzers/EmergingThreats/EmergingThreats_MalwareInfo.json

@@ -16,5 +16,24 @@
       "multi": false,
       "required": true
     }
+  ],
+  "config": {
+    "check_tlp": true,
+    "max_tlp": 2,
+    "auto_extract": false
+  },
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": false,
+  "service_homepage": "https://threatintel.proofpoint.com/",
+  "service_logo": {
+    "path": "assets/proofpoint.png",
+    "caption": "logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/long_report_hash.png",
+      "caption": "EmergingThreats: hash long report"
+    }
   ]
-}
+}

analyzers/EmergingThreats/README.md

@@ -0,0 +1,12 @@
+### EmergingThreats 
+[EmergingThreats](https://www.proofpoint.com/us/products/advanced-threat-protection/et-intelligence) intelligence helps prevent attacks and reduce risk by helping you understand the historical context of where these threats originated, who is behind them, when have they attacked, what methods they used, and what they're after.
+
+The analyzer is available in 3 flavors:
+- EmergingThreats_DomainInfo: retrieve ET reputation, related malware, and IDS requests for a given domain.
+- EmergingThreats_IPInfo: retrieve ET reputation, related malware, and IDS requests for a given IP address.
+- EmergingThreats_MalwareInfo: retrieve ET details and info related to a malware hash.
+
+#### Requirements
+You need a valid EmergingThreats API subscription to use the analyzer:
+
+- Provide your API key as a value for the `key` parameter.

thehive-templates/EmergingThreats_DomainInfo_1_0/long.html

@@ -1,5 +1,5 @@
-<link rel="stylesheet" href="https://unpkg.com/leaflet@1.2.0/dist/leaflet.css"/>
-        <script src="https://unpkg.com/leaflet@1.2.0/dist/leaflet.js"></script>
+<link rel="stylesheet" href="https://unpkg.com/leaflet@1.7.1/dist/leaflet.css"/>
+        <script src="https://unpkg.com/leaflet@1.7.1/dist/leaflet.js"></script>
            <style>
             #mapid { width: 800px;height: 600px; }
         </style>
@@ -79,22 +79,22 @@
                     
                             var lat = $(".geo_lat").map(function(){return parseInt($(this).text());}).get();
                             var lon = $(".geo_lon").map(function(){return parseInt($(this).text());}).get();
-                            var mymap = L.map('mapid').setView([0, 0], 3);
-                            L.tileLayer('https://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw', {
+                            var mymap = L.map('mapid', {center:[0,0], zoom:3});
+                            L.tileLayer('https://api.mapbox.com/styles/v1/{id}/tiles/{z}/{x}/{y}?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw', {
+                                tileSize: 512,
                                 maxZoom: 18,
-                                id: 'mapbox.streets'
+                                zoomOffset: -1,
+                                id: 'mapbox/streets-v11'
                             }).addTo(mymap);
-							
+                            
+							var group = new L.featureGroup().addTo(mymap);
+
 							$.each( lon, function( index, value ){
-                                L.marker([lat[index] , lon[index]]).addTo(mymap);
-                            });
-							
-                            var mark_list = $.map( lon, function( index, value ){
-                                return L.marker([lat[index] , lon[index]]);
+                                marker = L.marker([lat[index] , lon[index]]);
+                                marker.addTo(group);
                             });
                             
-                            var group = new L.featureGroup(mark_list);
-                            mymap.fitBounds(group.getBounds(),{maxZoom: 3});
+                            mymap.fitBounds(group.getBounds(),{maxZoom: 4});
                             
                     }, 3000);
                 });

thehive-templates/EmergingThreats_IPInfo_1_0/long.html

@@ -1,5 +1,5 @@
-<link rel="stylesheet" href="https://unpkg.com/leaflet@1.2.0/dist/leaflet.css"/>
-        <script src="https://unpkg.com/leaflet@1.2.0/dist/leaflet.js"></script>
+<link rel="stylesheet" href="https://unpkg.com/leaflet@1.7.1/dist/leaflet.css"/>
+        <script src="https://unpkg.com/leaflet@1.7.1/dist/leaflet.js"></script>
            <style>
             #mapid { width: 800px;height: 600px; }
         </style>
@@ -79,23 +79,22 @@
                     
                             var lat = $(".geo_lat").map(function(){return parseInt($(this).text());}).get();
                             var lon = $(".geo_lon").map(function(){return parseInt($(this).text());}).get();
-                            var mymap = L.map('mapid').setView([0, 0], 3);
-                            L.tileLayer('https://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw', {
+                            var mymap = L.map('mapid', {center:[0,0], zoom:3});
+                            L.tileLayer('https://api.mapbox.com/styles/v1/{id}/tiles/{z}/{x}/{y}?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw', {
+                                tileSize: 512,
                                 maxZoom: 18,
-                                id: 'mapbox.streets'
+                                zoomOffset: -1,
+                                id: 'mapbox/streets-v11'
                             }).addTo(mymap);
-							
+                            
+							var group = new L.featureGroup().addTo(mymap);
+
 							$.each( lon, function( index, value ){
-                                L.marker([lat[index] , lon[index]]).addTo(mymap);
-                            });
-							
-                            var mark_list = $.map( lon, function( index, value ){
-                                return L.marker([lat[index] , lon[index]]);
+                                marker = L.marker([lat[index] , lon[index]]);
+                                marker.addTo(group);
                             });
                             
-                            var group = new L.featureGroup(mark_list);
-                            mymap.fitBounds(group.getBounds(),{maxZoom: 3});
-                            
+                            mymap.fitBounds(group.getBounds(),{maxZoom: 4});
                     }, 3000);
                 });